There is something hitting webshell on win21 with many hundreds or requests per second, we are working to isolate it and block it off, temporarily we have disabled webshell from working.
the amounts of IPs involved and the intensity is increasing in size now, we still have it mostly under control but CPU usage is very high due to the number of requests.
We have stopped the entire site now, which means hsphere may hang on displaying ftp info or other information from win21 while we allow remaining hosted websites CPU priority over the attackers.
This is allowing SITES to work but hsphere may not for some functions
Attacks have not slowed at all still getting between 5-7MB of logs per minute of various IP addresses, but impact on server is minimal except for hpshere not able to load a few items in CP.
edit: hsphere should be working now, only Webshell is still down, we will bring it up as soon as possible.
Win21 is holding up fine client side, but is still taking a beating from the DDOS attack, it is just as strong or stronger now than when it was first happening.
We are having to clear now about 120MB of logs every 5 minutes just to keep logs from going out of hand.
Just as an update, attacks are ongoing still at a very high level. We are going to try some other means to block the IPs involved today and see how it works.
I am going to head to the datacenter and work on building a new server, and we will migrate users off this server and shared IP so that users will not be affected.
I have null routed over 800 IPs already, and it looked to be slowing a lot, but within the last minute of 1840 new IPs have attacked.
We will not be migrating the site that was attacked.
server is back up, IIS back up, and so far much faster, we will see how it goes long term. I am still wanting to migrate users off this server as the best course just due to the fact that the shared IP is continually getting hammered non stop most of the week now.